2 * Copyright (c) 1983, 1993, 1994
3 * The Regents of the University of California. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 * must display the following acknowledgement:
15 * This product includes software developed by the University of
16 * California, Berkeley and its contributors.
17 * 4. Neither the name of the University nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #if defined(LIBC_SCCS) && !defined(lint)
35 static char sccsid
[] = "@(#)rcmd.c 8.3 (Berkeley) 3/26/94";
36 #endif /* LIBC_SCCS and not lint */
38 #include <sys/param.h>
39 #include <sys/socket.h>
42 #include <netinet/in.h>
43 #include <arpa/inet.h>
55 #define MIN(A, B) ((A) < (B) ? (A) : (B))
58 int __ivaliduser
__P((FILE *, u_int32_t
, const char *, const char *));
59 static int __icheckhost
__P((u_int32_t
, char *));
62 rcmd(ahost
, rport
, locuser
, remuser
, cmd
, fd2p
)
65 const char *locuser
, *remuser
, *cmd
;
69 struct sockaddr_in sin
, from
;
77 hp
= gethostbyname(*ahost
);
83 oldmask
= sigblock(sigmask(SIGURG
));
84 for (timo
= 1, lport
= IPPORT_RESERVED
- 1;;) {
85 s
= rresvport(&lport
);
89 _("rcmd: socket: All ports in use\n"));
91 (void)fprintf(stderr
, "rcmd: socket: %s\n",
96 fcntl(s
, F_SETOWN
, pid
);
97 sin
.sin_family
= hp
->h_addrtype
;
98 bcopy(hp
->h_addr_list
[0], &sin
.sin_addr
,
99 MIN (sizeof (sin
.sin_addr
), hp
->h_length
));
100 sin
.sin_port
= rport
;
101 if (connect(s
, (struct sockaddr
*)&sin
, sizeof(sin
)) >= 0)
104 if (errno
== EADDRINUSE
) {
108 if (errno
== ECONNREFUSED
&& timo
<= 16) {
113 if (hp
->h_addr_list
[1] != NULL
) {
116 (void)fprintf(stderr
, _("connect to address %s: "),
117 inet_ntoa(sin
.sin_addr
));
118 __set_errno (oerrno
);
121 bcopy(hp
->h_addr_list
[0], &sin
.sin_addr
,
122 MIN (sizeof (sin
.sin_addr
), hp
->h_length
));
123 (void)fprintf(stderr
, _("Trying %s...\n"),
124 inet_ntoa(sin
.sin_addr
));
127 (void)fprintf(stderr
, "%s: %s\n", hp
->h_name
, strerror(errno
));
137 int s2
= rresvport(&lport
), s3
;
138 int len
= sizeof(from
);
143 (void)snprintf(num
, sizeof(num
), "%d", lport
);
144 if (write(s
, num
, strlen(num
)+1) != strlen(num
)+1) {
145 (void)fprintf(stderr
,
146 _("rcmd: write (setting up stderr): %s\n"),
155 if (select(1 + (s
> s2
? s
: s2
), &reads
, 0, 0, 0) < 1 ||
156 !FD_ISSET(s2
, &reads
)) {
158 (void)fprintf(stderr
,
159 _("rcmd: select (setting up stderr): %s\n"),
162 (void)fprintf(stderr
,
163 _("select: protocol failure in circuit setup\n"));
167 s3
= accept(s2
, (struct sockaddr
*)&from
, &len
);
170 (void)fprintf(stderr
,
171 "rcmd: accept: %s\n", strerror(errno
));
176 from
.sin_port
= ntohs((u_short
)from
.sin_port
);
177 if (from
.sin_family
!= AF_INET
||
178 from
.sin_port
>= IPPORT_RESERVED
||
179 from
.sin_port
< IPPORT_RESERVED
/ 2) {
180 (void)fprintf(stderr
,
181 _("socket: protocol failure in circuit setup\n"));
185 (void)write(s
, locuser
, strlen(locuser
)+1);
186 (void)write(s
, remuser
, strlen(remuser
)+1);
187 (void)write(s
, cmd
, strlen(cmd
)+1);
188 if (read(s
, &c
, 1) != 1) {
189 (void)fprintf(stderr
,
190 "rcmd: %s: %s\n", *ahost
, strerror(errno
));
194 while (read(s
, &c
, 1) == 1) {
195 (void)write(STDERR_FILENO
, &c
, 1);
216 struct sockaddr_in sin
;
219 sin
.sin_family
= AF_INET
;
220 sin
.sin_addr
.s_addr
= INADDR_ANY
;
221 s
= socket(AF_INET
, SOCK_STREAM
, 0);
225 sin
.sin_port
= htons((u_short
)*alport
);
226 if (bind(s
, (struct sockaddr
*)&sin
, sizeof(sin
)) >= 0)
228 if (errno
!= EADDRINUSE
) {
233 if (*alport
== IPPORT_RESERVED
/2) {
235 __set_errno (EAGAIN
); /* close */
241 int __check_rhosts_file
= 1;
245 ruserok(rhost
, superuser
, ruser
, luser
)
246 const char *rhost
, *ruser
, *luser
;
253 if ((hp
= gethostbyname(rhost
)) == NULL
)
255 for (ap
= hp
->h_addr_list
; *ap
; ++ap
) {
256 bcopy(*ap
, &addr
, sizeof(addr
));
257 if (iruserok(addr
, superuser
, ruser
, luser
) == 0)
264 * New .rhosts strategy: We are passed an ip address. We spin through
265 * hosts.equiv and .rhosts looking for a match. When the .rhosts only
266 * has ip addresses, we don't have to trust a nameserver. When it
267 * contains hostnames, we spin through the list of addresses the nameserver
268 * gives us and look for a match.
270 * Returns 0 if ok, -1 if not ok.
273 iruserok(raddr
, superuser
, ruser
, luser
)
276 const char *ruser
, *luser
;
286 hostf
= superuser
? NULL
: fopen(_PATH_HEQUIV
, "r");
289 if (__ivaliduser(hostf
, raddr
, luser
, ruser
) == 0) {
295 if (first
== 1 && (__check_rhosts_file
|| superuser
)) {
300 if ((pwd
= getpwnam(luser
)) == NULL
)
303 dirlen
= strlen (pwd
->pw_dir
);
304 pbuf
= alloca (dirlen
+ sizeof "/.rhosts");
305 memcpy (pbuf
, pwd
->pw_dir
, dirlen
);
306 memcpy (pbuf
+ dirlen
, "/.rhosts", sizeof "/.rhosts");
309 * Change effective uid while opening .rhosts. If root and
310 * reading an NFS mounted file system, can't read files that
311 * are protected read/write owner only.
314 (void)seteuid(pwd
->pw_uid
);
315 hostf
= fopen(pbuf
, "r");
321 * If not a regular file, or is owned by someone other than
322 * user or root or if writeable by anyone but the owner, quit.
325 if (lstat(pbuf
, &sbuf
) < 0)
326 cp
= _(".rhosts lstat failed");
327 else if (!S_ISREG(sbuf
.st_mode
))
328 cp
= _(".rhosts not regular file");
329 else if (fstat(fileno(hostf
), &sbuf
) < 0)
330 cp
= _(".rhosts fstat failed");
331 else if (sbuf
.st_uid
&& sbuf
.st_uid
!= pwd
->pw_uid
)
332 cp
= _("bad .rhosts owner");
333 else if (sbuf
.st_mode
& (S_IWGRP
|S_IWOTH
))
334 cp
= _(".rhosts writeable by other than owner");
335 /* If there were any problems, quit. */
348 * Don't make static, used by lpd(8).
350 * Returns 0 if ok, -1 if not ok.
353 __ivaliduser(hostf
, raddr
, luser
, ruser
)
356 const char *luser
, *ruser
;
358 register char *user
, *p
;
364 while ((nread
= getline (&buf
, &bufsize
, hostf
)) > 0) {
365 buf
[bufsize
- 1] = '\0'; /* Make sure it's terminated. */
367 while (*p
!= '\n' && *p
!= ' ' && *p
!= '\t' && *p
!= '\0') {
368 *p
= isupper(*p
) ? tolower(*p
) : *p
;
371 if (*p
== ' ' || *p
== '\t') {
373 while (*p
== ' ' || *p
== '\t')
376 while (*p
!= '\n' && *p
!= ' ' &&
377 *p
!= '\t' && *p
!= '\0')
382 if (__icheckhost(raddr
, buf
) &&
383 strcmp(ruser
, *user
? user
: luser
) == 0) {
393 * Returns "true" if match, 0 if no match.
396 __icheckhost(raddr
, lhost
)
398 register char *lhost
;
400 register struct hostent
*hp
;
401 register u_int32_t laddr
;
404 /* Try for raw ip address first. */
405 if (isdigit(*lhost
) && (int32_t)(laddr
= inet_addr(lhost
)) != -1)
406 return (raddr
== laddr
);
408 /* Better be a hostname. */
409 if ((hp
= gethostbyname(lhost
)) == NULL
)
412 /* Spin through ip addresses. */
413 for (pp
= hp
->h_addr_list
; *pp
; ++pp
)
414 if (!bcmp(&raddr
, *pp
, sizeof(u_int32_t
)))